{ "info": { "author": "Bogdan Kulynych, Mohammad Yaghini", "author_email": "hello@bogdankulynych.me, mohammad.yaghini@epfl.ch", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Scientific/Engineering :: Artificial Intelligence", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "###\nmia\n###\n\n|pypi| |license| |build_status| |docs_status| |zenodo|\n\n.. |pypi| image:: https://img.shields.io/pypi/v/mia.svg\n :target: https://pypi.org/project/mia/\n :alt: PyPI version\n\n.. |build_status| image:: https://travis-ci.org/spring-epfl/mia.svg?branch=master\n :target: https://travis-ci.org/spring-epfl/mia\n :alt: Build status\n\n.. |docs_status| image:: https://readthedocs.org/projects/mia-lib/badge/?version=latest\n :target: https://mia-lib.readthedocs.io/?badge=latest\n :alt: Documentation status\n\n.. |license| image:: https://img.shields.io/pypi/l/mia.svg\n :target: https://pypi.org/project/mia/\n :alt: License\n\n.. |zenodo| image:: https://zenodo.org/badge/DOI/10.5281/zenodo.1433744.svg\n :target: https://zenodo.org/record/1433744\n :alt: Citing with the Zenodo\n\nA library for running membership inference attacks (MIA) against machine learning models. Check out\nthe `documentation `_.\n\n.. description-marker-do-not-remove\n\nThese are attacks against privacy of the training data. In MIA, an attacker tries to guess whether a\ngiven example was used during training of a target model or not, only by querying the model. See\nmore in the paper by `Shokri et al `_. Currently, you can use the\nlibrary to evaluate the robustness of your Keras or PyTorch models to MIA.\n\nFeatures:\n\n* Implements the original shadow model `attack `_\n* Is customizable, can use any scikit learn's ``Estimator``-like object as a shadow or attack model\n* Is tested with Keras and PyTorch\n\n.. getting-started-marker-do-not-remove\n\n===============\nGetting started\n===============\n\nYou can install mia from PyPI:\n\n.. code-block:: bash\n\n pip install mia\n\n.. usage-marker-do-not-remove\n\n=====\nUsage \n=====\n\nShokri et al. attack\n====================\n\nSee the `full runnable example\n`_. Read the details of the\nattack in the `paper `_.\n\nLet ``target_model_fn()`` return the target model architecture as a scikit-like classifier. The\nattack is white-box, meaning the attacker is assumed to know the architecture. Let ``NUM_CLASSES``\nbe the number of classes of the classification problem.\n\nFirst, the attacker needs to train several *shadow models* \u2014that mimick the target model\u2014\non different datasets sampled from the original data distribution. The following code snippet\ninitializes a *shadow model bundle*, and runs the training of the shadows. For each shadow model,\n``2 * SHADOW_DATASET_SIZE`` examples are sampled without replacement from the full attacker's\ndataset. Half of them will be used for control, and the other half for training of the shadow model.\n\n.. code-block:: python\n\n from mia.estimators import ShadowModelBundle\n\n smb = ShadowModelBundle(\n target_model_fn,\n shadow_dataset_size=SHADOW_DATASET_SIZE,\n num_models=NUM_MODELS,\n )\n X_shadow, y_shadow = smb.fit_transform(attacker_X_train, attacker_y_train)\n\n``fit_transform`` returns *attack data* ``X_shadow, y_shadow``. Each row in ``X_shadow`` is a\nconcatenated vector consisting of the prediction vector of a shadow model for an example from the\noriginal dataset, and the example's class (one-hot encoded). Its shape is hence ``(2 *\nSHADOW_DATASET_SIZE, 2 * NUM_CLASSES)``. Each label in ``y_shadow`` is zero if a corresponding\nexample was \"out\" of the training dataset of the shadow model (control), or one, if it was \"in\" the\ntraining.\n\nmia provides a class to train a bundle of attack models, one model per class. ``attack_model_fn()``\nis supposed to return a scikit-like classifier that takes a vector of model predictions ``(NUM_CLASSES, )``,\nand returns whether an example with these predictions was in the training, or out.\n\n.. code-block:: python\n\n from mia.estimators import AttackModelBundle\n\n amb = AttackModelBundle(attack_model_fn, num_classes=NUM_CLASSES)\n amb.fit(X_shadow, y_shadow)\n\nIn place of the ``AttackModelBundle`` one can use any binary classifier that takes ``(2 *\nNUM_CLASSES, )``-shape examples (as explained above, the first half of an input is the prediction\nvector from a model, the second half is the true class of a corresponding example).\n\nTo evaluate the attack, one must encode the data in the above-mentioned format. Let ``target_model`` be\nthe target model, ``data_in`` the data (tuple ``X, y``) that was used in the training of the target model, and\n``data_out`` the data that was not used in the training.\n\n.. code-block:: python\n\n from mia.estimators import prepare_attack_data \n\n attack_test_data, real_membership_labels = prepare_attack_data(\n target_model, data_in, data_out\n )\n\n attack_guesses = amb.predict(attack_test_data)\n attack_accuracy = np.mean(attack_guesses == real_membership_labels)\n\n.. misc-marker-do-not-remove\n\n======\nCiting\n======\n\n.. code-block::\n\n @misc{mia,\n author = {Bogdan Kulynych and\n Mohammad Yaghini},\n title = {{mia: A library for running membership inference \n attacks against ML models}},\n month = sep,\n year = 2018,\n doi = {10.5281/zenodo.1433744},\n url = {https://doi.org/10.5281/zenodo.1433744}\n }\n\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/spring-epfl/mia", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "mia", "package_url": "https://pypi.org/project/mia/", "platform": "", "project_url": "https://pypi.org/project/mia/", "project_urls": { "Homepage": "https://github.com/spring-epfl/mia" }, "release_url": "https://pypi.org/project/mia/0.1.2/", "requires_dist": [ "numpy", "scipy", "scikit-learn", "torch", "tqdm", "pytest; extra == 'dev'", "pytest-lazy-fixture; extra == 'dev'", "tensorflow; extra == 'dev'", "skorch; extra == 'dev'", "keras; extra == 'dev'", "sphinx; extra == 'dev'", "sphinx-rtd-theme; extra == 'dev'", "black; extra == 'dev'", "pytest; extra == 'test'", "pytest-lazy-fixture; extra == 'test'", "tensorflow; extra == 'test'", "skorch; extra == 'test'", "keras; extra == 'test'" ], "requires_python": "", "summary": "A library for running membership inference attacks against ML models", "version": "0.1.2" }, "last_serial": 4315812, "releases": { "0.1.1": [ { "comment_text": "", "digests": { "md5": "177bf610890a7d3c60d1cc66830e65ae", "sha256": "40a6cd9a74099033e8216ed01d07f64c2af0d599eea28d96e837682d44153798" }, "downloads": -1, "filename": "mia-0.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "177bf610890a7d3c60d1cc66830e65ae", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 10142, "upload_time": "2018-09-23T18:28:13", "url": "https://files.pythonhosted.org/packages/e8/1b/232e9de9f96887d1c7add2a3226ca02f2e3ea5c1c92803e833bbd405720f/mia-0.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "52a1ac440fcdcfb7fd720aea27b272a0", "sha256": "33de8d5e9246d2ac2cab55ead798cd39c42fb6fcc7a009f0464ca4a95f87bb64" }, "downloads": -1, "filename": "mia-0.1.1.tar.gz", "has_sig": false, "md5_digest": "52a1ac440fcdcfb7fd720aea27b272a0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15890, "upload_time": "2018-09-23T18:28:15", "url": "https://files.pythonhosted.org/packages/e1/cb/2b2ba3712896fd293fe58c34a2d00ac178c25b85263c7632448f8bc75517/mia-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "684eaac8c7d551bf2d48c1210dcc0916", "sha256": "f170384300f1e08898237cf7f43582fb2b95c0ea1ac56c2c8198e18f58633154" }, "downloads": -1, "filename": "mia-0.1.2-py2-none-any.whl", "has_sig": false, "md5_digest": "684eaac8c7d551bf2d48c1210dcc0916", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 13470, "upload_time": "2018-09-27T11:00:15", "url": "https://files.pythonhosted.org/packages/ff/2c/9027be252e23650230be310f9b7886fc2f9f5bed77afe89542441a44c8ce/mia-0.1.2-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ea7ab0440a729e549018171836ee3fc2", "sha256": "118606dfe9f8cbd8ecb6edcd1231d5360decbf4ff02d90a1696df73958580a55" }, "downloads": -1, "filename": "mia-0.1.2.tar.gz", "has_sig": false, "md5_digest": "ea7ab0440a729e549018171836ee3fc2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17240, "upload_time": "2018-09-27T11:00:17", "url": "https://files.pythonhosted.org/packages/7d/12/f149a7cd43e49725921e9884363aa3cbfea8a49c319a944eb71d48973fa9/mia-0.1.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "684eaac8c7d551bf2d48c1210dcc0916", "sha256": "f170384300f1e08898237cf7f43582fb2b95c0ea1ac56c2c8198e18f58633154" }, "downloads": -1, "filename": "mia-0.1.2-py2-none-any.whl", "has_sig": false, "md5_digest": "684eaac8c7d551bf2d48c1210dcc0916", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 13470, "upload_time": "2018-09-27T11:00:15", "url": "https://files.pythonhosted.org/packages/ff/2c/9027be252e23650230be310f9b7886fc2f9f5bed77afe89542441a44c8ce/mia-0.1.2-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ea7ab0440a729e549018171836ee3fc2", "sha256": "118606dfe9f8cbd8ecb6edcd1231d5360decbf4ff02d90a1696df73958580a55" }, "downloads": -1, "filename": "mia-0.1.2.tar.gz", "has_sig": false, "md5_digest": "ea7ab0440a729e549018171836ee3fc2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17240, "upload_time": "2018-09-27T11:00:17", "url": "https://files.pythonhosted.org/packages/7d/12/f149a7cd43e49725921e9884363aa3cbfea8a49c319a944eb71d48973fa9/mia-0.1.2.tar.gz" } ] }